Architecture
Conference, 45 min
ADVANCED

Highly available Identity and Access Management with multi-site Keycloak deployments in the cloud

The proposal discusses improving Keycloak's multi-site capabilities for public cloud infrastructures, focusing on AWS. Discussing architectural choices, challenges, and useful tools, it aims to help optimize Keycloak deployments and design resilient applications. Topics include load shedding, cache stampedes, automated failover, and tools such as Gatling, Helm, OpenTelemetry, and Kubernetes Operators.

Alexander Schwartz, Red Hat
Ryan Emerson, Red Hat

When and where

Thursday, April 18, 11:35-12:20
Paris 241
Description
A single sign-on solution for your customers and employees shouldn't be a single point of failure in your architecture. Keycloak, a popular Open Source Identity and Access Management solution that provides single sign-on, amongst other capabilities, is no exception to this.
A clustered Keycloak deployment in a single site or datacenter provides sufficient availability for many. An increasing number of organizations need to utilize multiple sites for improved resiliency or to meet legal requirements. In 2023, Keycloak overhauled its multi-site capabilities for public cloud infrastructures, tested them thoroughly and provided deployment blueprints to the community. They show how to set up an AWS infrastructure and deploy Keycloak across multiple sites.
This talk presents, from an architect's and developer's perspective, how we approached the problem, which architecture we chose, the challenges we faced and which tools helped us along the way. Expect to dive into concepts like load shedding, cache stampedes, and automated failover. See tools like Gatling, Helm, OpenTelemetry, Kubernetes Operators and AWS infrastructure in action. We will also provide an outlook for the next steps in our journey.
These insights will help you to improve your Keycloak deployments as well as design and test your own applications so they can withstand high load and site failures.
Keycloak
Multi-site capabilities
Load shedding
AWS infrastructure
Speakers

Alexander Schwartz

Red Hat

Germany

Alexander Schwartz is a Principal Software Engineer at Red Hat working full time as a Keycloak maintainer and technical team lead. At work and in his spare time he codes for Open Source projects. In previous jobs he worked as a software architect and IT consultant. At conferences and user groups he talks about JavaScript front ends, Java back ends, Kubernetes, performance and how to create great documentation with AsciiDoc and Antora.
Ryan Emerson

Red Hat

Ireland

Ryan Emerson is a Principal Software Engineer at Red Hat. He is a member of the Infinispan and Keycloak open-source product teams, where he leads the development of the Infinispan Kubernetes Operator, in addition to contributing to the development of the Infinispan core/server. During the last year, he has primarily focused on developing new multi-site HA architectures for Keycloak. Prior to joining Red Hat, Ryan earned his PhD from Newcastle University researching the Scalable coordination of distributed in-memory transactions.